This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fkL5qpHFODs-cnVy67GVWRqHYM4.cer
File:                     fkL5qpHFODs-cnVy67GVWRqHYM4.cer (raw, json)
Hash identifier:          vCEipjgOrneJHE1quZAzFfgLD01xyL+4Fd8mDI/36Ns=
Subject key identifier:   7E:42:F9:AA:91:C5:38:3B:3E:72:75:72:EB:B1:95:59:1A:87:60:CE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B79EC35E3E8E9A2E29D4812F6F4E2E41E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/20/81d8dd-4cd3-4378-b067-7cd472864bf8/1/fkL5qpHFODs-cnVy67GVWRqHYM4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/20/81d8dd-4cd3-4378-b067-7cd472864bf8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 14:18:02 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 193.201.48.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:10:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:35:e3:e8:e9:a2:e2:9d:48:12:f6:f4:e2:e4:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7e42f9aa91c5383b3e727572ebb195591a8760ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:91:b1:f1:26:d1:e6:88:38:67:27:d9:32:61:
                    15:ec:fd:29:36:fc:40:07:3a:a6:ad:8c:71:b1:fd:
                    16:01:3a:f4:66:bb:84:f8:f9:f3:f6:f8:70:6a:45:
                    23:9a:dc:af:69:ca:10:ac:8f:bf:00:d2:7c:35:0a:
                    2d:6a:40:6c:d6:87:ad:0a:7d:54:37:0f:30:57:fa:
                    60:ce:24:de:9a:08:a2:f6:54:c7:fd:79:99:cf:74:
                    b4:43:9e:b6:3c:a6:8d:e1:eb:a5:e6:e1:cf:85:2b:
                    66:76:5c:23:0c:e8:fa:d1:5f:2d:2f:42:84:1a:ab:
                    17:12:7e:ad:ce:84:d5:fb:2a:ce:ac:0a:62:70:35:
                    f5:55:b6:16:08:f2:80:d1:30:83:d4:e6:17:65:33:
                    48:e3:2d:c4:96:ae:82:bd:3e:c0:1a:77:d3:59:19:
                    8a:cf:16:ee:24:22:cb:d8:49:53:6b:b2:5a:6f:d9:
                    61:90:23:f7:68:4b:0c:31:c2:13:ab:db:90:3e:c7:
                    6d:4e:13:45:04:c9:e5:a0:c8:74:7c:98:19:5e:5b:
                    f1:a5:5c:a6:4d:d4:dc:fe:7c:74:a8:80:66:3c:a0:
                    db:66:73:28:2c:6a:18:ee:48:0e:a0:9e:ee:9b:cf:
                    2e:40:a2:9f:fb:68:59:d9:d3:6d:01:73:6a:76:de:
                    72:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:42:F9:AA:91:C5:38:3B:3E:72:75:72:EB:B1:95:59:1A:87:60:CE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/81d8dd-4cd3-4378-b067-7cd472864bf8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/81d8dd-4cd3-4378-b067-7cd472864bf8/1/fkL5qpHFODs-cnVy67GVWRqHYM4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:ff:d2:20:28:22:ba:e2:ad:ec:dd:66:ce:dc:de:3b:b6:ab:
         88:7a:0e:1c:c2:f4:c7:9f:54:b5:45:f4:2c:8e:e2:36:de:09:
         cc:d3:47:cb:97:61:38:58:37:5a:ac:cb:fe:11:00:2a:8b:5a:
         39:ae:fa:3e:64:ab:11:18:06:96:b6:ad:eb:2a:4b:a6:a7:d3:
         0d:02:cb:f0:3c:5d:2e:16:b5:86:b0:2d:3b:64:37:7b:9f:c3:
         76:f1:e7:d5:64:86:8f:34:f3:bb:7f:08:16:2b:ed:6b:b6:f4:
         33:f2:52:be:cf:de:78:6b:08:80:2e:1b:da:a5:6d:56:e6:e5:
         ef:10:2e:43:c0:e1:d1:39:1c:12:b8:c5:bb:67:c1:a1:06:75:
         93:06:c1:19:9c:a4:4f:74:b6:d6:1d:ec:07:7c:83:2a:4f:e1:
         d3:a5:7e:fa:12:f3:db:c4:05:bb:8b:47:42:3a:49:b0:33:16:
         21:14:70:b5:05:da:62:18:39:d2:33:11:49:d3:db:51:21:74:
         76:34:59:c2:eb:cf:75:0f:03:be:42:96:d1:51:36:5e:57:a9:
         4a:93:7b:b8:f8:3b:f9:68:7e:cb:83:15:4d:c7:fd:35:18:ae:
         8a:9b:5d:08:8b:ad:c4:ea:b2:78:09:d3:ed:79:52:cd:3f:90:
         30:e8:bf:f5
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt57DXj6Omi4p1IEvb04uQeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMTQxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTQyZjlhYTkxYzUzODNiM2U3Mjc1NzJlYmIxOTU1OTFhODc2MGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspGx8SbR5og4ZyfZMmEV7P0pNvxA
BzqmrYxxsf0WATr0ZruE+Pnz9vhwakUjmtyvacoQrI+/ANJ8NQotakBs1oetCn1U
Nw8wV/pgziTemgii9lTH/XmZz3S0Q562PKaN4eul5uHPhStmdlwjDOj60V8tL0KE
GqsXEn6tzoTV+yrOrApicDX1VbYWCPKA0TCD1OYXZTNI4y3Elq6CvT7AGnfTWRmK
zxbuJCLL2ElTa7Jab9lhkCP3aEsMMcITq9uQPsdtThNFBMnloMh0fJgZXlvxpVym
TdTc/nx0qIBmPKDbZnMoLGoY7kgOoJ7um88uQKKf+2hZ2dNtAXNqdt5yrwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFH5C+aqRxTg7PnJ1cuuxlVkah2DOMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIwLzgxZDhk
ZC00Y2QzLTQzNzgtYjA2Ny03Y2Q0NzI4NjRiZjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjAvODFkOGRk
LTRjZDMtNDM3OC1iMDY3LTdjZDQ3Mjg2NGJmOC8xL2ZrTDVxcEhGT0RzLWNuVnk2
N0dWV1JxSFlNNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwckwMA0GCSqGSIb3DQEBCwUAA4IBAQCI/9Ig
KCK64q3s3WbO3N47tquIeg4cwvTHn1S1RfQsjuI23gnM00fLl2E4WDdarMv+EQAq
i1o5rvo+ZKsRGAaWtq3rKkump9MNAsvwPF0uFrWGsC07ZDd7n8N28efVZIaPNPO7
fwgWK+1rtvQz8lK+z954awiALhvapW1W5uXvEC5DwOHRORwSuMW7Z8GhBnWTBsEZ
nKRPdLbWHewHfIMqT+HTpX76EvPbxAW7i0dCOkmwMxYhFHC1BdpiGDnSMxFJ09tR
IXR2NFnC6891DwO+QpbRUTZeV6lKk3u4+Dv5aH7LgxVNx/01GK6Km10Ii63E6rJ4
CdPteVLNP5Aw6L/1
-----END CERTIFICATE-----